HEX

File: //opt/dedrads/__pycache__/alp.cpython-313.pyc
�

"��i�@��Z�SrSSKrSSKrSSKrSSKrSSKrSSKJr SSKJr SSK	J
r
 SSKJr
 SSKrSSKJrJrJr SSKJrJr S	rS
rSrSr\R4"5S
S-rSr\R:"\5rSr Sr!Sr"SSjr#Sr$Sr%Sr&Sr'Sr(Sr)Sr*Sr+\S:Xa\+"5 gg)z3Apache Log Parser - Parse Apache domain access logs�N)�ArgumentParser)�time)�defaultdict)�node)�resolver�reversename�	exception)�
setup_logging�colorzDaniel Kzdanielk@inmotionhosting.comz1.0.2z
2016-09-16�apache_domlogsz/{0!s}/�2c���[R"5nSUlSUl[R
"U5nUR
US5n[US5$![Ra g[Ra [RSU5 g[Ra [RSU5 g[Ra [RS	U5 g
f=f)zReturn PTR for IP addressg�?�PTRrzNo Record FoundzQuery Timed out looking for %szQuery Timed OutzNo nameservers found for %szNo nameservers foundzNo answer for %sz	No Answer)r�Resolver�lifetime�timeoutr�from_address�query�str�NXDOMAINr	�Timeout�LOGGER�debug�
NoNameservers�NoAnswer)�ip_addr�
myresolver�
question_name�answerss    �/opt/dedrads/alp.py�
ptr_lookupr!"s�����&�&�(�
�!�
�� �
��#�0�0��9�
��"�"�=�%�8���7�1�:�������!� ����!����5�w�?� ��!�!�&����2�G�<�%��������'��1���s$�AA�C3�1)C3�)C3�)C3�2C3c#�# �US:Xa.[RS5 [RShv�N gUn[RSU5 [R
R
U5(a[USS9nUShv�N SSS5 ggNaN![a [RSU5 N0f=f!,(df   g=f7f)�Process log lines�-zProcessing from STDIN.NzProcess file %szutf-8)�encodingzError reading file %s)
r�info�sys�stdin�os�path�exists�open�OSError�error)�source�filename�file_handles   r �domlog_linesr2:s������}����,�-��9�9��������%�v�.�
�7�7�>�>�(�#�#��h��1�[�D�*�*�*�2�1�$�		�+���D��L�L�!8�(�C�D��2�1�sX�/C�B�AC�=B=�?B�B�B�	C�B� B:�7B=�9B:�:B=�=
C�Cc�f^�0nSn[TU4SjSS9HnUS-nTUX$'X1:�dMUs $ U$)z/Trim dictionary to top entries ordered by valuerc�>�TU$�N�)�x�
dictionarys �r �<lambda>�trim_dict.<locals>.<lambda>Rs	����A��T��key�reverse�)�sorted)r8�entries�trimmed_dict�count�items`    r �	trim_dictrEKsN����L�
�E��z�'>��M����	��'��-�������	N��r;c�Z�[[5[S5[[5[[5[[5SS.n[R"S5n[	U5GHDnUSS-US'URU5nUGb
USUR
S5S-USUR
S5'S	RUR
S5UR
S
55nUSUS-USU'USUR
S
5S-USUR
S
5'USUR
S5S-USUR
S5'UR
S5nUR
S5n	USUU	S-USUU	'GM.[RSU5 GMG [USU5US'[USU5US'[USU5US'U(a<[[5n
USH n[U5nUSSU3n
USUX�'M" X�S'U$)r#c� �[[5$r5)r�intr6r;r r9�parse_domlogs.<locals>.<lambda>`s	��K��,<r;r)�status_codes�daily_hourly�requests�user_agents�top_ips�	linecountaR^(?P<ips>(?P<ip>[0-9.]+|[a-fA-F0-9:]+)(,\s*[0-9.]+|[a-fA-F0-9:]+)*)\s+(?P<logname>\S+)\s+(?P<user>\S+)\s+\[(?P<date>[0-9]+/[a-zA-Z]+/[0-9]+):(?P<time>(?P<hour>[0-9]+):[0-9]+:[0-9]+ [0-9-+]+)\]\s+"(?P<request>(?P<type>[A-Z]+)\s+(?P<uri>\S+)) [^"]*"\s+(?P<status>[0-9]+|-)\s+(?P<size>[0-9]+|-)\s+"(?P<referrer>[^"]*)"\s+"(?P<useragent>.*)"$rOr?rJ�statusz	{: <4} {}�requestrLrN�iprM�	useragent�date�hourrKzMissed log line: %sz <15� �top_ips_with_ptr)rrH�re�compiler2�search�group�formatr�warningrEr!)r/�numlines�add_ptr�results�
rx_logline�line�
match_loglinerQrTrU�ip_ptrr�
ptr_record�ip_with_ptrs              r �
parse_domlogsrg[sw��$�C�(�#�$<�=���$�"�3�'��s�#��
�G����	 �
�J��V�$��&�{�3�a�7����"�)�)�$�/�
��$���'�
�(;�(;�H�(E�F��J�
�N�#�M�$7�$7��$A�B�"�(�(��#�#�H�-�}�/B�/B�9�/M��G�,3�:�+>�w�+G�!�+K�G�J���(��	�"�=�#6�#6�t�#<�=��A�
�I��}�2�2�4�8�9��
�&�}�':�':�;�'G�H�1�L�
�M�"�=�#6�#6�{�#C�D�!�&�&�v�.�D� �&�&�v�.�D���'��-�d�3�a�7�
�N�#�D�)�$�/�
�N�N�0�$�7�/%�2$�G�J�$7��B�G�J��&�w�}�'=�x�H�G�M��"�7�9�#5�x�@�G�I����S�!���y�)�G�#�G�,�J�$�T�N�!�J�<�8�K�")�)�"4�W�"=�F��	*�
'-�"�#��Nr;c���Uc[RS5 SnO[RSU5 /n[R"[RU55H�nSU;dMSU;dMSU;aM[RR[RU5U5n[RRU5(dMtURU5 M� U$)zCArray of domlogs for cpuser. If cpuser is None, return all domlogs.zChoosing domlog for all users�.zChoosing domlog for %s�_logz-ssl�
ftpxferlog)
rr&r)�listdir�USER_DOMLOG_DIRr\r*�join�isfile�append)�cpuser�logfile_listr0�logfiles    r �
logs_for_userrt�s����~����3�4������,�f�5��L��J�J��5�5�f�=�>���(�"��x�)?��x�'���g�g�l�l�?�#9�#9�&�#A�8�L�G��w�w�~�~�g�&�&��#�#�G�,�
?��r;c��/n[U5n[U5S:Xa[RSU5 g[U5S:Xa[R	SXS5 US$UHDn[
RRU5[5S-
:�dM3URU5 MF [U5S:Xa[R	SXS5 US$[U5S:Xa[R	SU5 OUnSnSnUHIn[
RRU5U:�dM([
RRU5nUnMK U$)	z�
Determine log file to use for a cPanel user.
This is done by first using any unique file, then using any
unique recently updated file, and then preferring size for
the remaining files.

If cpuser is None, search for all logs.
rz$Could not find valid log file for %sNr?zOnly one log file for %s: %si�Qz#Only one recent log file for %s: %szNo recent logs for %s)rt�lenrr]rr)r*�getmtimerrp�getsize)rq�recentlog_listrrrs�largest�domlogs      r �choose_logfiler|�s+���N� ��(�L�
�<��A�����=�v�F��
�<��A�����3�V�!�_�M��A�����
�7�7���G�$�����7��!�!�'�*� �
�>��a�����1�6�!�;L�	
��a� � �
�>��a�����,�f�5�%���G�
�F���
�7�7�?�?�7�#�g�-��g�g�o�o�g�.�G��F� �
�Mr;c���SnSnUSX-
n[U5U-nSRS[X-
555n[[R
"UR
UU555 g)zPrint pretty headerz~~ {0!s} ~~{1}�N�c3�&# �UHnSv� M	 g7f)�~Nr6)�.0�is  r �	<genexpr>�print_title.<locals>.<genexpr>�s���?�$>�q�s�$>�s�)rvrn�range�printr�greenr\)�title�width�
header_format�base_header_size�head_length�long_bars      r �print_titler��st��%�M���
�,�E�,�-�E��e�*�/�/�K��w�w�?�E�%�*=�$>�?�?�H�	�
���� � ���
�	
�r;c�^�[X5 Sn[TU4SjSS9H&nUS-n[TUSSU3SU5 XB:XdM& g g)	z;Print pretty data in a tall format, with one entry per linerc�>�TU$r5r6)r7�arrays �r r9�print_tall.<locals>.<lambda>s	���E�!�Hr;Tr<r?z 6z     N)r�r@r�)r�r�r^r��
line_countrDs `    r �
print_tallr��sZ�������J��u�"4�d�C���!�^�
�
��t��R� ��d�V�,�V�e�4�5��!��	Dr;c���[X5 SnSnUHOnUSXS3nU[U5-U:�aUS-n[5 SnXB:Xa gU[U5-n[USS9 MQ [5 g)z>Print pretty data in a wide format, with many entries per liner�: z  r?NrV)�end)r�rvr�)r�r�r^r�r��
current_widthrD�	next_items        r �
print_wider�	s�������J��M����f�B�u�{�m�2�.�	��3�y�>�)�U�2�#�a��J��G��M��%��%��I��6�
�
�i�S�!��
�Gr;c	���[[S9nURSSSSS9 URSSSS	S9 UR5nURS
SSSS9 URS
SSSS9 URSSSSS9 UR	S5nURSSS[
SSS9 URSSS[
SSS9 URSSSS S9 UR	S!5nUR5nURS"S#S$S%S&S'S(9 URS)S*S$S%S+S,S(9 URS-S$[/S.QS/S09 URS1S2S[S3S4S9 URS5S6[S7S8S99 UR5nUR(a;[S:[35 [S;[S<35 [R"S=5 URc[R nO([#[URR%55nUR&S3:Xa[)S>U[R*S?9 O[)UR&US@S?9 UR,(aS@nOSAn[/UR05S=:Xa0[2R5SB5 UR0R7SC5 UR0UUR8UR:UR<UR>UR@4$)Dz
Parse command line arguments
)�descriptionz-az--all�
store_truez]Search all users. Do not limit search to single user. Overrides any usernames or paths given.)�action�helpz-mz--multilogsz7Return results for all log files, rather than just one.z-pz
--with-ptrz-Get PTR records for IPs. This is the default.z-Pz--no-ptrz*Do not resolve PTRs for IPs. Overrides -p.z-Vz	--versionz#Print version information and exit.zOutput optionsz-nz
--numlines�store�
z>Number of lines to display in each section. The default is 10.)r��type�defaultr�z-wz--width�nz2Width of output in characters. The default is 110.z-jz--jsonzOutput data as JSON instead.zError logging optionsz-vz	--verbose�loglevel�store_constrzUse verbose logging.)�destr��constr�z-qz--quiet�criticalzLog only critical errorsz
--loglevel)r.r&rr]r�zBSpecify the verbosity of logging output. The default is 'warning'.)r�r��choicesr�z-oz--outputrz%Output logging to the specified file.�sourcesz
(USER|LOG)�*z�Either a cPanel user or an Apache domain log file. '-' will be handled as STDIN. If none are given, then the script will attempt to gather data from the STDIN.)�metavarr��nargsr�zApache Log Parser version zLast modified on rirz/var/log/messages)r*r��	print_outFTzNo sources. Using STDIN.r$)!r�__doc__�add_argument�add_mutually_exclusive_group�add_argument_grouprHr�
parse_args�versionr��__version__�__date__r'�exitr��logging�WARNING�getattr�upper�outputr
�stderr�no_ptrrvr�rr&rpr^r��json�all�	multilogs)�parser�	ptr_group�output_group�logging_parser_group�
logging_group�args�
logging_level�show_ptrs        r r�r�s=��
��
0�F�
������
6���������
F�	���3�3�5�I�
������
<�	��������
9�	��������
2�	���,�,�-=�>�L�������
��O��	�������
��
A�
������h�|�2P���"�4�4�5L�M��(�E�E�G�M������
���
#�
�������
���
'�
������
�
�A�
(�
�	��%�%����
��
4�
&�������
��
#�
������D��|�|�
�*�;�-�8�9�
�!�(��1�-�.�������}�}�����
������)<�)<�)>�?�
��{�{�b���$�"��j�j�	
�	�4�;�;��%�P��{�{�����
�4�<�<��A�����.�/������C� �	
�����
�
��
�
��	�	��������r;c��UH�up4USS:a[US35 M[[R"SUS35S-5 USHn[SUS3USUUU5 M [S	US
X5 [	SUSX5 [	S
USX5 USb[	SUSX5 O[	SUSX5 [S5 M� g)zPrint out results to terminalrOr?z
 is empty.zResults for �:rKz
Hourly hits (�)zHTTP response codesrJzTop RequestsrLzTop user agentsrMrWNzTop IPs with PTRszTop IPsrN�
)r�r�yellowr�r�)r`r^r�r/�result�days      r �
print_resultsr��s���"����+���"��V�H�J�'�(��
�e�l�l�\�&���3�4�s�:�;��.�)�C����u�A�&��~�&�s�+���	
�*�	�!�6�.�#9�8�	
�	�>�6�*�#5�x�G��$�f�]�&;�X�M��$�%�1��#�V�,>�%?��
�
�y�&��"3�X�E�
�d��3"r;c	��[5unnnnnnn[SS55(a[nOSn/nU(a�U(aJ[R	S5 [S5SUH!n	[
X�U5n
URX�45 M# GO�[S5n	[R	SU	5 [
X�U5n
URX�45 GO�UGH�nUS:Xa7[R	SU5 [
X�U5n
URSU
45 MA[RRU5(a6[R	S	U5 [
X�U5n
URX�45 M�[RRS
U<35(a�U(aL[R	SU5 [U5SUH!n	[
X�U5n
URX�45 M# GM[U5n	[R	SU	5 [
X�U5n
URX�45 GMX[RSU5 [R"S
5 GM� U(a![[ R""USSSS95 g[%X�U5 g)zMain function for scriptc3�:# �UHo[5;v� M g7fr5)�hostname)r��shared_types  r r��main.<locals>.<genexpr>�s���
N�8M��(�*�$�8M�s�)�biz�hub�resNzSource is all log files.zSource is user file: %sr$zSource is STDIN: %s�STDINzSource is file: %sz/var/cpanel/users/zSource is all files for : %sz$Unable to determine log file for: %s�255T�)�,r�)�	sort_keys�indent�
separators)r��any�MAX_LOGS_SHAREDrr&rtrgrpr|r)r*ror]r'r�r�r��dumpsr�)r�r�r^r��	show_json�	all_usersr��	log_limitr`r{�
sections_dictr/s            r �mainr��s ��	������
�����
N�8M�
N�N�N�#�	��	�
�G����K�K�2�3�'��-�j�y�9�� -�f�� I�
�����6�7�:�$�D�)�F��K�K�1�6�:�)�&�H�E�M��N�N�F�2�3��F���}����1�6�:� -�f�� I�
������7�8�������'�'����0�&�9� -�f�� I�
�����6�7������"4�V�J� ?�@�@���K�K� >��G�"/��"7�
��"C��(5�"�h�)�
� ����'>�?�	#D�,�F�3�F��K�K� 9�6�B�$1�&�H�$M�M��N�N�F�#:�;����E�v�N������1�4�
��J�J��4��k�
�	
�	�g��/r;�__main__)r�F),r�r)r'r�rXr��argparserr�collectionsr�platformrr��envinfo�dnsrrr	�radsr
r�__maintainer__�	__email__r�r��get_datarmr��	getLogger�__name__rr!r2rErgrtr|r�r�r�r�r�r�r6r;r �<module>r�s���9�	�
��	��#��#�%��0�0�%���)�	�����
�"�"�$�%5�6��B����	�	�	�8�	$���0D�"
� C�L�*.�b�,	��(e�P�>G0�T�z���F�r;